Protecting The Access Point Configuration With User Manager - Cisco Aironet 1200 Series Software Configuration Manual

Security Overview

Protecting the Access Point Configuration with User Manager

Cisco Aironet 1200 Series Access Point Software Configuration Guide
4-8
During shared key authentication, the access point sends an unencrypted
challenge text string to any device attempting to communicate with the access
point. The device requesting authentication encrypts the challenge text and
sends it back to the access point. If the challenge text is encrypted correctly,
the access point allows the requesting device to authenticate. Both the
unencrypted challenge and the encrypted challenge can be monitored,
however, which leaves the access point open to attack from an intruder who
calculates the WEP key by comparing the unencrypted and encrypted text
strings. Because of this weakness, shared key authentication can be less
secure than open authentication. Like open authentication, shared key
authentication does not rely on a RADIUS server on your network.
Figure 4-5 shows the authentication sequence between a device trying to
authenticate and an access point using shared key authentication. In this
example the device's WEP key matches the access point's key, so it can
authenticate and communicate.
Figure 4-5 Sequence for Shared Key Authentication
Access point
or bridge
with WEP key = 123
1. Authentication request
2. Unencrypted challenge
3. Encrypted challenge response
4. Authentication response
The access point's user manager feature prevents unauthorized entry to the access
point management system. You create a list of administrators authorized to view
and adjust the access point settings; unauthorized users are locked out. See the
"Setting Up Administrator Authorization" section on page 4-38
on using the user manager.
Chapter 4 Security Setup
Client device
with WEP key = 123
for instructions
OL-2159-01